Sony Looks to the Cold War For Network Security

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0
Sony Looks to the Cold War For Network Security


Sony's new Chief Security Officer has offered some insight into how the company's defenses against hackers have changed since the infamous PlayStation Network Incident of aught-eleven.

Say what you will about the sorry state of Sony's cyberdefenses prior to the attack that brought down the PlayStation Network last year, but there's no denying that the company is at least trying to appear to take the matter of network security very seriously now. The company hired Brett Wahlin, formerly of McAfee, as its new Chief Security Officer, and he's moved quickly to overhaul the division from a mere four staffers in October of last year to a comprehensive security operation that includes a "security operations center" run by HP and Arcsight that reports to directly to him.

"The types of ['hacktivist'] attacks we see are by groups with social agendas. The methods they use aren't the same as the state-sponsored guys," Wahlin, who also served eight years in the U.S. military as a counter-intelligence officer, told SC Magazine [http://www.scmagazine.com.au/Feature/293365,exclusive-how-sony-is-fighting-back.aspx]. "We are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different."

A big part of the plan relies on the ongoing analysis of behaviors, which will include "FBI-inspired behavior profiling methods" and other systems and technologies to detect when an individual's activities move suddenly beyond the norm. "If we detect unusual activity, it may be that someone's been owned by a Trojan that we don't know about, and we can stop data flying out the door," Wahlin explained. He's also employing similar strategies for detecting more straightforward incidents of fraud on the PlayStation Network.

"You start to see a lot of similarities to the social engineering tradecraft in the Cold War," he continued. "They have a discrete set of characteristics and targets and if we can begin to adapt some of the pattern recognition to a digital-based [environment]... we may be able to detect fraud more effectively."

Last but not least is simple education, in the form of figuring out why people do stupid things and how to make them stop. It sounds simple enough - don't click unknown links, don't tell people things you know you're not supposed to - but it's actually a far greater challenge than just telling people to smarten up.

"Your typical education program of emails, mouse pads and posters - no one pays attention to that," Wahlin said. "Everyone has their own hot buttons, different genders, age groups, ethnic backgrounds, and even job types - they all have a different innate senses of satisfaction that you have to meet in order for staff to see security as valuable. Then we need to get them to repeat it until it's habit."

via: Develop [http://www.develop-online.net/news/40188/Sony-counter-intelligence-plan-against-Anonymous]


Permalink
 

mad825

New member
Mar 28, 2010
3,379
0
0
Hiring somebody who's competent enough to hook-up a network and manage it would be a start.
systems and technologies to detect when an individual's activities move suddenly beyond the norm. "If we detect unusual activity, it may be that someone's been owned by a Trojan that we don't know about, and we can stop data flying out the door,"
Is this something new or something new in Sony's IT department?
 

Kenjitsuka

New member
Sep 10, 2009
3,051
0
0
Cold war social engineering?
Wow! Sony nailed this futuristic threat by going back 30-50 years for the answer!

"Sooocial media? Whut's that? Imma gonna protect against social engineering, cuz it's a real danger, derp, derp!!111!11!" <= Sony's old coot new top security guy.
 

Danpascooch

Zombie Specialist
Apr 16, 2009
5,231
0
0
Behavior profiling? Jesus, they didn't even TRY to avoid buzzwords. They need a new pr department more than anything
 

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0
There's no doubt Sony probably had high-end hardware and software tools doing more sophisticated pattern recognition across a far, far larger set of data than we do here when doing sweeps and cleanup for banjumpers, contest shenanigans, and spammer rings (they're often run by organized crime syndicates in SE Asia these days, even if they look similar on the surface to old school bots), but that they attempted to do so with just four people assigned to the task is the single most astonishing reveal, at least for me.
 

viranimus

Thread killer
Nov 20, 2009
4,952
0
0
I know its tedious, but sincerely, Andy, Thank you. The effort is noted , at least by me anyway.

Andy Chalk said:
It is much appreciated
OT: Thats great Sony, Congratulations for beefing up your security. Does this additional protection also cover false flag operations like last years attack, or was this all for naught? Regardless of who actually was behind last years attacks it is a good thing to hear Sony is strengthening its security. Even if it was false, the suggestion of a major corp being that weak exposed a weakness of other major companies around the internet which launched a wave of legitimate attacks with Lulzsec and others.
 

Ignatz_Zwakh

New member
Sep 3, 2010
1,408
0
0
Sony Entertainment Solid 3: PSNAKE HACKER.

Directed by Hideo Kojima.

That's what popped into my head when I saw the name of the article.
 

Soviet Steve

New member
May 23, 2009
1,511
0
0
Cold war? Couldn't they have looked elsewhere like the renaissance or the bronze age? Maybe the Hadean eon?
 

Sizzle Montyjing

Pronouns - Slam/Slammed/Slammin'
Apr 5, 2011
2,213
0
0
Encrypting the data might be a fucking start Sony, yeah, how about you do that?
Honestly, there was no excuse for the lack of care that went into customer protection.